next up previous
Next: Goals in Logical Analysis Up: Goals Discussed in Previous Previous: Intensional and Extensional Goals

Key Establishment or Authentication?

In the early literature on cryptographic protocols it was common to refer to all protocols concerned with setting up session keys as `authentication protocols'. This is not entirely satisfactory because some protocols which set up session keys provide no authentication of one party to the other while other protocols designed to provide entity authentication involve no session key. Therefore it has become common more recently to distinguish between protocols which provide only authentication, and call these entity authentication protocols while using the term key establishment protocol for one that involves setting up a new key, typically for a communications session.

One of the features of the hierarchy of goals presented below is an integration of goals concerning key establishment and entity authentication. It has been recognised by many authors that there is a problem defining in abstract terms what should be meant by entity authentication, although the meaning of key establishment seems easier to decide upon. Gollman [13] has put forward a number of different options for what could be meant by authentication. The first one is as follows.

The protocol shall establish a fresh session key, known only to the participants in the session and possibly some Trusted Third Parties.

This is clearly an extensional goal. Furthermore, it may be achieved even though each party knows nothing about even the existence of the other party, let alone whether the other party is willing to engage in a session. Thus this is a goal about key establishment rather than entity authentication.

The second goal suggested by Gollman is as follows, in which A and B are the protocol principals.

A cryptographic key associated with B was used in a message received by A during the protocol run. The protocol run is defined by A 's challenge or a current time stamp.

This is an intensional goal concerning entity authentication. It says nothing about a new session key and can clearly be satisfied by a protocol which is not concerned with key establishment. Gollman's other two goals are also intensional and say nothing about session keys.

This pattern, of using extensional specifications when considering key establishment and intensional ones when considering entity authentication, will be seen to be repeated many times by different authors. It may be posited that it is easier to use extensional goals when dealing with key establishment than when dealing with entity authentication. In section 3 extensional goals for entity authentication are proposed.

next up previous
Next: Goals in Logical Analysis Up: Goals Discussed in Previous Previous: Intensional and Extensional Goals